Global ATM Skimming Ring Busted

A global investigation led by Europol led to the break-up of an organized crime ring suspected of skimming details from more than 15,000 debit and credit cards.

According to a statement issued by the European police agency, the crime ring, based in Bulgaria, is believed to have defrauded cardholders in the European Union out of more than 50 million euros [U.S. $70.99 million]. So far, 61 individuals from various parts of the globe, including the United States, connected to the ring have been arrested and charged. The ring is suspected of being linked to crime cells in Kenya, South Africa, and the U.S., and more arrests are expected.

Nicole Sturgill, research director of delivery channels at TowerGroup, says the case highlights the prevalence of card skimming. "What stands out to me is that they arrested 61 people and they anticipate more," she says. "I think it just shows how pervasive these skimming rings are. This isn't a couple of smart teenage hackers operating locally, but a globally organized operation."

The bust of the Bulgarian ring comes just more than a month after federal authorities in the U.S. indicted four European men for their alleged involvement in a $1.5 million ATM skimming scheme that targeted Citibank and JPMorgan Chase customers in New York, Chicago and Miami.

On May 29, the Secret Service said it had brought charges against Mihail Draghici, Ionel Dedulescu, Did Theodor Ciulei and Laurentiu Mugurel Manta for their parts in the scheme, which authorities believe led to the withdrawal of more than $1.5 million from multiple bank accounts between March 2010 and May 2011.

"This major new criminal phenomenon exposed in this case, with criminals transferring data stolen within the EU to accomplices in countries and regions elsewhere in the world, is of great concern," said EU Commissioner for Home Affairs Cecilia MalmstrÃ¶m in the issued statement. "Law enforcement authorities should increase their collaboration with Europol in this area. The European Commission, meanwhile, is committed to exploring all possible opportunities to reverse the effects of this new problem."

Terrie Ipson, manager of ATM security at Diebold Inc., one of the world's top three ATM manufacturers, says ATM skimming is a borderless crime. "These reports reinforce that the ATM security landscape is a global one," she says. "With ATM skimming, the stakes are low and the payoff is high, making it an attractive crime. These criminal networks are well-funded, organized and experienced. They have the resources to constantly change their attack methods to defeat security measures."

On July 6, simultaneous arrests by more than 200 law enforcement officers, including the Secret Service, were made in Bulgaria, Italy, Spain, Poland and the U.S. The focus of the operation was Bulgaria, where 150 officers participated in operations to arrest 47 suspects.

"This investigation has given us a unique insight into the 'skimming phenomenon,'" said Europol Director Rob Wainwright in the statement. "It highlights the fact that illegal credit card transactions outside the EU are a major part of the problem, and that as long as cards have magnetic strips, they will be vulnerable to skimming. This operation shows, however, that Europol and its law enforcement partners are determined to crack down on the problem. One of the most significant criminal groups active in this field has been taken out of business in a fantastic example of international police cooperation."

Skimming: A Global Problem

These latest incidents hammer home the point: Skimming is a global concern. And disjointed payments card technology is to blame, says Lachlan Gunn, head of the European ATM Security Team. "[It's] another example of organized European gangs going to the U.S. because of the success of EMV implementation in Europe and other parts of the world in reducing skimming-related losses," he says. "The U.S. has no plans to do the same."

Gunn says U.S. card issuers need to enhance card security. Until they do, European cardholders will likely continue to suffer from skimming, as international crime rings improve their techniques.

"These guys have perfected card skimming techniques in other markets and now appear to be hitting the U.S., as a 'soft' target." [See Europol's Organised Crime Threat Assessment, which states that 80 percent of fraud incidents hitting cardholders in the European Union is committed in the U.S.]

Europol says most fraudsters use cloned EMV cards in regions such as Africa and the U.S., neither of which is EMV compliant. Europol says it is an "increasingly common problem."

Paul Buelens, head of compliance for EastNets, a global banking solutions that specializes in anti-fraud and compliance, says these international crimes are difficult for agencies like Europol to fight. Information-sharing is a problem, which "makes this arrest all the more commendable," he says.

"These criminal gangs are truly utilizing an advanced technology," Buelens says. "They are using skimming equipment that is incorporated on mobile phones to convert magnetic stripes, PIN data and other personal information to SMS messages that can be sent globally."

Buelens says new anti-skimming technology allows transaction acquirers to securely capture card data at the POS or ATM, but more merchants and financial institutions need to make investments in the advanced technology. ." [See 10 Tips to Improve ATM Security]

Diebold's Ipson echoes that sentiment, saying increasing incidents of skimming only magnify the need for more layered security. "Consumer education is another activity that is key in the fight against ATM fraud. Moving forward, we expect an increase in the development of industry regulations that ensure the proper safeguards to reduce the loss to the industry and help protect personal identification information," she says. "We feel that a multi-layered approach, continuous consumer education and increased regulations will help mitigate skimming activity."

That multilayered approach is likely the best option. TowerGroup's Sturgill says EMV might address current skimming trends. But once the mag-stripe goes away, criminals will hone in on other types of card fraud that get around the chip. "If everyone went to chip and PIN, criminals would focus their attention there," she says. "I'm not convinced that overall fraud would decline, even if skimming fraud did decline."

About the Author

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years' experience, she covered the financial sector for 10+ years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.